Take 107 - Ongoing
List of Resolved Issues and New Features
|
Note - This Take contains all fixes from all earlier Takes. |
ID |
Product |
Description |
---|---|---|
Take 107 Released on 20 November 2019 |
||
PRJ-1336, |
Security Management |
Inline layers are not verified when there are no selected targets in the 'install on' column. |
PRJ-4875, |
Security Management |
In some scenarios, when setting or modifying the Email/Phone fields of an administrator, the old values still appear at the bottom pane under "View Sessions" instead of the updated values. |
PRJ-5557, |
Security Management |
In some scenarios, policy installation fails with "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000117)". Refer to sk162554. |
PRJ-5413, |
Security Management |
In some scenarios, policy Installation fails with "Operation failed, install/uninstall has been improperly terminated" error. Refer to sk162855. |
PRJ-2984, |
Security Management |
In some scenarios, show generic-objects API command fails with "Management Server failed to execute command". Refer to sk157693. |
PRJ-3379, |
Security Management |
In a rare scenario, the $CPDIR/tmp/ directory is filled with "CKP_mutex::_opt_CPsuite-RXX_fw1_log__..." files. Refer to sk36754. |
PRJ-5495, |
Security Management |
NEW: Added the policy verifier memory enhancement and additional debugging options. Refer to sk162453. |
PRJ-1248, |
Security Management |
High CPU utilization by FWM process when SmartEvent is enabled on the Security Management Server. Refer to sk147563. |
PRJ-5023, |
Security Management |
In some scenarios, policy verification process fails for extremely large policies. Refer to sk161412. |
PRJ-5424, |
Security Management |
In some scenarios, policy fetch fails if name of the Security gateway that tries to fetch this policy is not defined in DNS. Refer to sk150472. |
PRJ-6942, |
Security Management |
In a rare scenario, policy installation fails with "Policy installation had failed due to an internal error". Refer to sk163482. |
PRJ-4666, |
Multi-Domain Management |
The FWM process may unexpectedly exit when there is no valid license on the Multi-Domain Server. |
PRJ-7007, |
Multi-Domain Management |
The Gaia restore of Multi-Domain Server fails when using Take 76 of R80.30 Jumbo Hotfix Accumulator. Refer to sk163473. |
PRJ-3138, |
SmartConsole |
In some scenarios, DNS Maximum Reply Length IPS protection is not enforced.
|
PRJ-1511, |
SmartConsole |
In some scenarios, Installation Targets do not show the correct gateways when cloning and editing the installation targets in the same session. |
PRJ-1882, |
SmartConsole |
In some scenarios, user cannot delete a VS object since it is referenced by an automatically generated exception rule. Refer to sk167272. |
PRJ-4202, |
SmartView |
NEW: Added support for "SmartView for QRadar" extension. |
PRJ-5784, |
Compliance |
In some scenarios, the Compliance blade checks the 'Parent rule for Domain's policy' placeholder as if it was a real rule and shows the rule index in the Firewall Best Practices relevant objects. |
PRJ-5480, |
Security Gateway |
NEW: Enhancement: NAT port exhaustion logs mechanism was updated. Refer to sk156852. |
PRJ-4805, |
Security Gateway |
NEW: Added ability to enable NAT over specific IP address avoiding a source port allocation. |
PRJ-6036, |
Security Gateway |
In some scenarios, when the ICAP server on the Security gateway is enabled, some web pages do not load. |
PRJ-4749, |
Security Gateway |
In a rare scenario, the FWK process unexpectedly exits during debug. |
PRJ-946, |
Security Gateway |
Connectivity issues on some HTTPS sites (as login pages) when Security gateway is configured as proxy. Refer to sk147878. |
PRJ-2919, |
Security Gateway |
In a rare scenario, Security gateway may crash due to NULL pointer reference. |
PRJ-5326, |
Security Gateway |
Non-FQDN domain objects may not be enforced correctly when used in the Access policy along with updatable objects. |
PRJ-5820, |
Security Gateway |
In some scenarios, traffic is dropped with 'up_transaction_notify_clob failed' error in dmesg when Application Control is enabled. |
PRJ-5312, |
Security Gateway |
In a rare scenario, Security gateway freezes when IP pool NAT and VPN are used. |
PRJ-4356, |
Security Gateway |
In a rare scenario, Security gateway crashes when proxy is enabled. |
PRJ-1872, |
Security Gateway |
In some scenarios, when using Hide NAT with GRE tunnel, packets going through this GRE tunnel may get dropped. Refer to sk154492. |
PRJ-4398, |
Security Gateway |
In some scenarios, traffic is dropped with "[ERROR]: network_classifier_handle_dag: failed to get uuid of DAG bogus_ip" error in dmesg. |
PRJ-3426, |
Security Gateway |
In a rare scenario, changing the xmit-hash-policy of the bonding group while machine handling traffic, causes it to crash. Refer to sk154573. |
PRJ-4180, |
Security Gateway |
Some Web sites cannot be opened when Content Awareness or Anti-Virus/Anti-Bot is enabled, and Security gateway is configured as proxy. |
PRJ-4403, |
Security Gateway |
In a rare scenario, when X-Forwarded-For (XFF) settings are enabled on one of the policy layers and on the Security Gateway object, traffic may be accepted although it should be dropped according to Access policy. |
PRJ-771, |
Security Gateway |
In a rare scenario, memory usage may rise on Security gateway, when using service with resource with "Optimize URL logging" feature enabled. Refer to sk153052. |
PRJ-4351, |
Security Gateway |
Access rulebase may not be enforced properly when wildcard objects are used in source and destination columns. Refer to sk162692. |
PRJ-5141, |
Security Gateway |
In some scenarios, traffic is dropped with "network_classifier_get_dynobjs_for_ip: failed to get UUIDs for IP 0.0.0.0" and "kfunc_ip_ranges_to_dynobj: network_classifier_get_dynobjs_for_ip failed" errors in dmesg when dynamic object is used in access policy.
|
PRJ-4114, |
Security Gateway |
In some scenarios, logs cannot be seen because the LOG_INDEXER process stopped working. |
PRJ-3276, |
Logging |
Log Exporter filtering feature allows to decide which logs will be exported based on values from the various fields on the raw log. |
PRJ-3210, |
Logging |
In some Full HA environment scenarios, the "Logserver <Cluster virtual IP> is disconnected" error pops up in SmartConsole log view. |
PRJ-1325, |
Logging |
In some scenarios, when running mdsstart, the following error message is shown: "/opt/CPSmartLog-R80.20/bin/smartlogstop: line 65: /opt/CPmds-R80.20/customers//CPSmartLog-R80.20/log/smartlogRun.log: No such file or directory". |
PRJ-1311, |
Logging |
In the Logs & Monitor view, the "File size" field is missing from the logs generated by Media Encryption & Port Protection blade. Refer to sk157952. |
PRJ-2019, |
Logging |
In some scenarios, when SAM activity is defined and a Log server receives a high amount of packets, the FWD process on the Log server unexpectedly exits. |
PRJ-5338, |
Logging |
NEW: Added new Log Exporter feature to export links to the relevant log and log attachments (such as Forensics\TE report). |
PRJ-4759, |
IPS |
In some scenarios, IPS update fails as a result of error in management server installation. |
PRJ-6658, |
HTTPS Inspection |
NEW: HTTP traffic performance enhancement on VSX environment when Gzip enforcement is used. |
PRJ-5877, |
HTTPS Inspection |
In a rare scenario, Security Gateway may crash during non-compliant HTTP traffic. |
PRJ-6078, |
ClusterXL |
After installing Jumbo HotFix Take 76 only on a standby member, it's outgoing traffic does not pass. |
PRJ-4591, |
ClusterXL |
In some scenarios, arp table is not synchronized with master MAC address after fail-over. |
PRJ-5080, |
ClusterXL |
The message "fwlddist_debug_update_op: resetting to avoid overflow" should be printed only in debug mode since it's not an error. |
PRJ-4584, |
ClusterXL |
In some scenarios, installing policy in order to update the cluster topology during high load, causes the members to fail-over. Refer to sk154575. |
PRJ-4409, |
ClusterXL |
In some scenarios, when changing cluster topology and installing the policy, the cluster fails over. Refer to sk156335. |
PRJ-5859, |
SecureXL |
In a rare scenario, Host destination entries are memory leaking when neighbor entry is in incomplete state. Refer to sk157252.
|
PRJ-5153, |
SecureXL |
In some scenarios, IGMP packets are not forwarded across bridge interfaces.
|
PRJ-5154, |
SecureXL |
In some scenarios, packets with IP options are not forwarded across bridge interfaces. Refer to Issue #3 in sk154892.
|
PRJ-2815, |
SecureXL |
On cluster, Drop templates are disabled on reboot. Refer to sk153412.
|
PRJ-5152, |
SecureXL |
In a rare scenario, Security gateway may freez / crash when a multicast routing is configured. Refer to sk119299.
|
PRJ-4783, |
SecureXL |
NEW: "sim if" and "sim nonaccel" commands will be deprecated. Instead, "fwaccel if" and "fwaccel nonaccel" commands will be used to accommodate multiple SecureXL instances. |
PRJ-6850, |
SecureXL |
In some scenarios, the Security Gateway accepts the traffic, but no ARP request is sent. Refer to sk152093. |
PRJ-6100, |
SecureXL |
In some scenarios, SecureXL drops TCP packets with "Out of state" reason. |
PRJ-5155, |
SecureXL |
|
PRJ-6779, |
SecureXL |
In some scenarios, connection does not to expire correctly when NAT and some Software Blades are enabled. |
PRJ-4360, |
SecureXL |
In a rare scenario, Security gateway may crash if cpinfo reads from the /proc/ppk/cpls directory before SecureXL is initialized. |
PRJ-6150, |
SecureXL |
NEW: Added new SecureXL Fast Accelerator for Non-Scalable Platforms. Refer to sk156672. |
PRJ-834, PMTR-36031 |
CoreXL |
In a rare scenario, Security gateway may freeze when "Drop Templates" or "DOS rate" feature is enabled. |
PRJ-5469, |
SSL Inspection |
In some scenarios, several applications are not matched correctly when HTTPS Inspection enabled and URL Filtering is in HOLD mode. |
PRJ-5288, |
URL Filtering |
NEW: Improved scalability and resiliency of URL Filtering service. |
PRJ-6857, |
URL Filtering |
In a rare scenario, RAD process fails to process new kernel requests. |
PRJ-3614, |
Routing |
In some scenarios, OSPFv3 LS updates of the default route are not accepted by the Security gateway for Stub/TSA areas. Refer to sk161472. |
PRJ-6063, |
Routing |
In a rare scenario, the routed process may unexpectedly exit when a route with a local address as a nexthop is received. |
PRJ-5551, |
Gaia OS |
In some scenarios, Smart-1 405 and 410 appliances may show high voltage due to incorrect VBat thresholds. |
PRJ-1030, |
Gaia OS |
Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892. |
PRJ-2191, |
Gaia OS |
Many "fwldbcast_new: too many hosts : 0" kernel messages appear in /var/log/messages file. Refer to sk153253. |
PRJ-962, |
Gaia OS |
In some scenarios, user cannot access terminal from WebUI in monitor role mode. |
PRJ-6686, |
Gaia OS |
In some scenarios, Gaia restore on Multi-Domain Server fails with error "failed to edit update registry". Refer to sk163312. |
PRJ-2819, |
Gaia OS |
While unplugging one of the Power supply cables on Smart-1 5150/5050/525 appliances a false 'No Read' message appears for ~5 seconds in both PSUs statuses (instead of Present/Input Lost/Absence). |
PRJ-4156, |
Gaia OS |
NEW: The ARP cache size limit in Clish was increased to 131072 hosts. |
PRJ-4523, |
Gaia OS |
Changing the xmit-hash-policy of the bond may cause all static arp entries to disappear from the arp -a output. Refer to sk152892. |
PRJ-3122, |
Endpoint Security |
In some scenarios, Endpoint Security Clients are in "Disconnected" state after Endpoint Security Server upgrade. Refer to sk161113. |
PRJ-2321, |
Endpoint Security |
If there is a large amount of devices which are going to be removed from the Deleted Container, the server may fail to process the epmCommands, returning "FATAL: remaining connection slots are reserved for non-replication superuser connections" error. |
PRJ-2014, |
Endpoint Security |
In some scenarios, SmartEndpoint shows "Unknown Error" when trying to open the "User and Computers" Tab "Top Bots" and software deployment by policy reports. Refer to sk151932. |
PRJ-5352, |
Endpoint Security |
In some scenarios, migrate_import fails with the "ERROR: Command completed with error code #2 and output: psql.bin: could not connect to server: No such file or directory" message in $UEPMDIR/logs/exportedFileManip*.log. |
PRJ-2913, |
Endpoint Security |
In some scenarios, when searching for a machine in SmartEndpoint and selecting it, a "Server Error" message appears. Refer to sk158432. |
PRJ-1810, |
VPN |
NEW: Connectivity enhancements for Remote Access clients using internal Office mode allocation with a long timeout. |
PRJ-4648, |
VPN |
In some scenarios, traffic is not working over Site-to-Site VPN after an upgrade. |
PRJ-2873, |
VPN |
Connectivity improvement for Remote Access clients in environments with 3rd party VPN tunnels. |
PRJ-3557, |
VSX |
NEW: Added the option to configure reject routes via vsx_provisioning_tool on Scalable Platforms Appliances. Refer to sk151473. |
PRJ-5922, |
VSX |
In some scenarios, IGMP traffic is dropped by "local interface address spoofing" in VSX HA. Refer to sk162953. |
PRJ-4674, |
VSX |
VSX configuration cannot not be applied after upgrade from R77.x to R80.x, due to duplicated VSX routes. |